CVE-2023-28335
Cross-Site Request Forgery (CSRF) in packagist/moodle/moodle
Identifiers
CVE-2023-28335, GHSA-wxmq-v9gx-75pg
Package Slug
packagist/moodle/moodle
Vulnerability
Cross-Site Request Forgery (CSRF)
Description
The link to reset all templates of a database activity does not include the necessary token to prevent a CSRF risk.
Affected Versions
All versions starting from 4.1.0 before 4.1.2
Solution
Upgrade to version 4.1.2 or above.
Last Modified
2023-03-24
| source |